[英]MVC HTTPS redirection when behind a load balancer
I'm using MVC5 in some IIS servers on Amazon EC2, behind a Amazon Elastic Load Balancer. 我在Amazon Elastic Load Balancer后面的Amazon EC2上的某些IIS服务器中使用MVC5。 IIS servers runs only HTTP protocol, and ELB converts to HTTPS. IIS服务器仅运行HTTP协议,并且ELB转换为HTTPS。
IIS server doesn't know if user is accessing thru HTTPS, so I have a rewrite rule checking "X-Forwarded-Proto" header to redirect user to HTTPS. IIS服务器不知道用户是否通过HTTPS访问,因此我有一个重写规则,检查“ X-Forwarded-Proto”标头以将用户重定向到HTTPS。
Unfortunately, when a login is required, MVC/IIS redirects user to a logon page in HTTP . 不幸的是,当需要登录时,MVC / IIS会将用户重定向到HTTP中的登录页面 。
If I check my website in a tool like http://www.redirect-checker.org/ I get these type of results: 如果我使用http://www.redirect-checker.org/之类的工具检查我的网站,则会得到以下结果:
http://example.com/ http://example.com/
301 Moved Permanently (my URL rewrite rule) 301永久移动(我的URL重写规则)
https://example.com/ https://example.com/
302 Found (Login-required redirect -> why to HTTP?) 找到302(需要登录名重定向->为什么要HTTP?)
http://example.com/Account/Logon?ReturnUrl=%2F http://example.com/Account/Logon?ReturnUrl=%2F
301 Moved Permanently (again my URL rewrite rule) 301永久移动(同样,我的URL重写规则)
https://example.com/Account/Logon?ReturnUrl=%2F https://example.com/Account/Logon?ReturnUrl=%2F
200 OK 200 OK
Am I missing something? 我想念什么吗?
Can I configure login-redirect to keep protocol, eliminating one of these redirects? 我可以配置登录重定向以保留协议,从而消除这些重定向之一吗?
Better yet, can I somehow precede login-redirect rule and make it force HTTPS, in order to have only one redirect? 更好的是,为了只进行一个重定向,我可以以某种方式优先于登录重定向规则并使其强制HTTPS吗?
Thanks a lot! 非常感谢!
Appendix: I checked that commands like "RedirectToAction" send address like "/Index2", not the whole " http://example.com/Index2 ". 附录:我检查了像“ RedirectToAction”这样的命令发送的地址是“ / Index2”,而不是整个“ http://example.com/Index2 ”。 This is fine, so it keeps the user protocol. 很好,因此保留了用户协议。
Assuming you're using ASP.NET forms authentication, have a look in your web.config
for your Authentication
configuration and add requireSsl="true"
to the <forms>
element, as below: 假设您使用的是ASP.NET表单身份验证,请在web.config
中查看Authentication
配置,然后将requireSsl="true"
添加到<forms>
元素中,如下所示:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" requireSSL="true" />
</authentication>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.